WP Statistics <= 12.6.5 – Authenticated Stored XSS

https://wpvulndb.com/vulnerabilities/9331

User Submitted Posts <= 20190426 – Arbitrary File Upload

https://wpvulndb.com/vulnerabilities/9330

Crelly Slider <= 1.3.4 – Arbitrary File Upload

https://wpvulndb.com/vulnerabilities/9329

Hustle <= 6.0.7 – Unauthenticated CSV Injection

https://wpvulndb.com/vulnerabilities/9326

Paid Memberships Pro <= 2.0.5 – Authenticated Open Redirect

https://wpvulndb.com/vulnerabilities/9327

Event Management Tickets Booking By Event Monster <= 1.0.5 – Stored XSS

https://wpvulndb.com/vulnerabilities/9290

Hostel Plugin <= 1.1.3 – Unauthenticated Stored XSS

https://wpvulndb.com/vulnerabilities/9289

indeed-membership-pro (Ultimate Membership Pro) <=7.5 arbitrary media upload

https://wpvulndb.com/vulnerabilities/9293

Carts Guru – Unauthenticated Object Injection

https://wpvulndb.com/vulnerabilities/9292

Simple File List Plugin <= 3.2.4 – Authenticated Arbitrary File Delete

https://wpvulndb.com/vulnerabilities/9288